web-app-builder

Warn

Audited by Socket on Feb 21, 2026

1 alert found:

Security: MEDIUM
SKILL.md

[Skill Scanner] Credential file access detected

All findings:
- [HIGH] data_exfiltration: Credential file access detected (DE002) [AITech 8.2.3] (reported twice)
- [HIGH] data_exfiltration: Outbound data post or form upload via curl/wget detected (NW002) [AITech 8.2.3] (reported six times)
- [HIGH] supply_chain: Installation of third-party script detected (SC006) [AITech 9.1.4]

This skill is functionally consistent with its stated purpose (building and deploying static web apps to a managed hosting endpoint). There are no clear indicators of malware, obfuscation, or direct credential harvesting in the provided code. The primary security concerns are supply-chain and trust risks: it runs npm install/build (which executes dependency lifecycle scripts) and routes artifacts and deploy control through a third-party API (api.rebyte.ai) and the uploadUrl that API returns (e.g., storage.googleapis.com). Use is acceptable only if the operator/service is trusted. Review and verify the rebyte.ai endpoint and avoid including secrets in the build artifact. Follow normal hardening: pin dependencies, inspect package.json scripts, and ensure .env and sensitive files are excluded from the ZIP.

LLM verification: This skill is functionally consistent with its documented purpose (building and deploying static web apps). It contains expected operations that require running third-party package installs and performing network uploads to api.rebyte.ai and Google Cloud Storage. Those operations are normal for a deployment tool but present supply-chain and data-exfiltration risks if run on untrusted code or on a system containing sensitive files. There is no clear evidence of intentional malicious behavior (no
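The hardening advice in the audit (inspect package.json lifecycle scripts before running npm install, keep .env and other sensitive files out of the deploy ZIP, and verify the host the artifact is posted to) as a runnable pre-deploy check. This is an added example written for this page, not code from the web-app-builder skill, from rebyte.ai or from Socket; the excluded-file patterns, the secret regexes, the allowed-host list and the sample project that demo() constructs in a temp directory are all assumptions.

```python
"""Pre-deploy hardening checks for a static-site build artifact.

Added example for this audit page, not the skill's own code. The file
patterns, secret regexes and host allowlist below are assumed policy.
"""
import json
import os
import re
import tempfile
import zipfile
from urllib.parse import urlsplit

# npm lifecycle hooks that execute arbitrary code during `npm install`.
LIFECYCLE_HOOKS = ("preinstall", "install", "postinstall", "prepare", "prepublish")

# Files that must never ship inside the deploy ZIP (assumed policy).
EXCLUDED_NAMES = re.compile(r"^(\.env(\..*)?|\.npmrc|.*\.pem|.*\.key|id_rsa.*)$")
EXCLUDED_DIRS = {".git", "node_modules"}

# Rough secret shapes: enough to catch the obvious leaks in a built bundle.
SECRET_PATTERNS = [
    re.compile(r"-----BEGIN (RSA |EC |OPENSSH )?PRIVATE KEY-----"),
    re.compile(r"\bAKIA[0-9A-Z]{16}\b"),  # AWS access key id shape
    re.compile(r"(?i)\b(api[_-]?key|secret|token)\b\s*[:=]\s*['\"]?[A-Za-z0-9_\-]{16,}"),
]


def lifecycle_scripts(package_json_text):
    """Return {hook: command} for every lifecycle hook declared in package.json."""
    scripts = json.loads(package_json_text).get("scripts", {})
    return {k: v for k, v in scripts.items() if k in LIFECYCLE_HOOKS}


def looks_secret(path):
    """True if the first 64 KiB of the file matches any secret pattern."""
    try:
        with open(path, "r", encoding="utf-8", errors="ignore") as fh:
            data = fh.read(65536)
    except OSError:
        return False
    return any(p.search(data) for p in SECRET_PATTERNS)


def build_artifact(src_dir, out_zip):
    """Zip src_dir into out_zip, skipping sensitive files. Returns (included, excluded)."""
    included, excluded = [], []
    with zipfile.ZipFile(out_zip, "w", zipfile.ZIP_DEFLATED) as zf:
        for root, dirs, files in os.walk(src_dir):
            dirs[:] = [d for d in dirs if d not in EXCLUDED_DIRS]  # prune in place
            for name in sorted(files):
                full = os.path.join(root, name)
                rel = os.path.relpath(full, src_dir).replace(os.sep, "/")
                if EXCLUDED_NAMES.match(name) or looks_secret(full):
                    excluded.append(rel)
                    continue
                zf.write(full, rel)
                included.append(rel)
    return included, excluded


def check_upload_url(url, allowed_hosts):
    """Accept only https URLs whose host is, or is a subdomain of, an allowed host."""
    parts = urlsplit(url)
    if parts.scheme != "https":
        return False
    host = parts.hostname or ""
    return any(host == h or host.endswith("." + h) for h in allowed_hosts)


def demo():
    """Run the checks against a constructed sample project (not real data)."""
    src = tempfile.mkdtemp()
    layout = {
        "index.html": "<h1>hello</h1>",
        ".env": "DEPLOY_TOKEN=example",
        "config.js": 'const api_key = "abcdefghijklmnop1234";',
        "assets/app.js": "console.log(1);",
        "node_modules/dep/index.js": "module.exports = {};",
    }
    for rel, body in layout.items():
        full = os.path.join(src, rel)
        os.makedirs(os.path.dirname(full), exist_ok=True)
        with open(full, "w", encoding="utf-8") as fh:
            fh.write(body)
    out = os.path.join(tempfile.mkdtemp(), "site.zip")
    included, excluded = build_artifact(src, out)
    pkg = '{"scripts": {"postinstall": "node setup.js", "build": "vite build"}}'
    return {
        "included": sorted(included),
        "excluded": sorted(excluded),
        "zip_entries": sorted(zipfile.ZipFile(out).namelist()),
        "hooks": lifecycle_scripts(pkg),
    }


if __name__ == "__main__":
    print(json.dumps(demo(), indent=2))
```

The ZIP is built from the project tree after pruning node_modules and .git, so a stray lifecycle script in a dependency cannot end up in the artifact, and any file whose name or content looks like a credential is listed in `excluded` for the operator to review rather than silently dropped. `check_upload_url` is meant to be applied to the uploadUrl the deploy API returns before any PUT or POST is issued.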

Confidence: 80%
Severity: 75%
Audit Metadata
Analyzed At
Feb 21, 2026, 02:31 PM
Package URL
pkg:socket/skills-sh/rebyteai-template%2Frebyte-skills%2Fweb-app-builder%2F@aef0b2f89ceeed56fcdfe98502e997ae4f0e8dd0